CVSS3: 8.1 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

CVSS2: 5.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
exiv2 is vulnerable to an out-of-bounds read. The flaw is in IptcData::printStructure in iptc.c and allows an attacker to crash the application via malicious input.
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index
access.redhat.com/errata/RHSA-2019:2101
access.redhat.com/security/updates/classification/#low
bugzilla.redhat.com/show_bug.cgi?id=1465061
bugzilla.redhat.com/show_bug.cgi?id=1470729
bugzilla.redhat.com/show_bug.cgi?id=1470737
bugzilla.redhat.com/show_bug.cgi?id=1470913
bugzilla.redhat.com/show_bug.cgi?id=1470946
bugzilla.redhat.com/show_bug.cgi?id=1470950
bugzilla.redhat.com/show_bug.cgi?id=1471772
bugzilla.redhat.com/show_bug.cgi?id=1473888
bugzilla.redhat.com/show_bug.cgi?id=1473889
bugzilla.redhat.com/show_bug.cgi?id=1475123
bugzilla.redhat.com/show_bug.cgi?id=1475124
bugzilla.redhat.com/show_bug.cgi?id=1482295
bugzilla.redhat.com/show_bug.cgi?id=1482296
bugzilla.redhat.com/show_bug.cgi?id=1482423
bugzilla.redhat.com/show_bug.cgi?id=1494443
bugzilla.redhat.com/show_bug.cgi?id=1494467
bugzilla.redhat.com/show_bug.cgi?id=1494776
bugzilla.redhat.com/show_bug.cgi?id=1494778
bugzilla.redhat.com/show_bug.cgi?id=1494780
bugzilla.redhat.com/show_bug.cgi?id=1494781
bugzilla.redhat.com/show_bug.cgi?id=1494782
bugzilla.redhat.com/show_bug.cgi?id=1494786
bugzilla.redhat.com/show_bug.cgi?id=1494787
bugzilla.redhat.com/show_bug.cgi?id=1495043
bugzilla.redhat.com/show_bug.cgi?id=1524104
bugzilla.redhat.com/show_bug.cgi?id=1524107
bugzilla.redhat.com/show_bug.cgi?id=1524116
bugzilla.redhat.com/show_bug.cgi?id=1525055
bugzilla.redhat.com/show_bug.cgi?id=1537353
bugzilla.redhat.com/show_bug.cgi?id=1566260
bugzilla.redhat.com/show_bug.cgi?id=1652637
bugzilla.redhat.com/show_bug.cgi?id=1664361
github.com/Exiv2/exiv2/issues/263
github.com/xiaoqx/pocs/blob/master/exiv2/readme.md
security.gentoo.org/glsa/201811-14